Good ideas for real people dealing with ridiculous password demands from web sites – how to get a decent password you can remember and still be secure. The thing he says about LENGTH being the only thing that improves password strength is pretty complete. All this hubbub about making it nonsense just makes it harder for you to remember and as such less secure.
If you’d like to know an even better approach – far easier to remember and much harder to guess or reverse engineer, see me in person.
“A good password is not only strong and secure (hard to guess), but also easy to remember (practical). So: what’s a good password in everyday life? An important question….
The answer will probably surprise you. It surprised me, anyway! A strong password is above all…. long. Symbols, numerals, caps and punctuation marks don’t make it stronger, but they do make it harder for you to remember it.”
…
You’ve read it correctly: Tr0ub4dor&3 is less secure than correct-horse-battery-staple. Less secure, and much harder to remember. For three simple reasons:
1. The password sentence simply has more characters than the single word. In other words: it’s longer.
2. The “weird” characters are not harder for an attacker’s computer to crack than normal characters.
3. The dashes between the four random words render a “brute force” dictionary attack futile: the attacker simply can’t know where the dashes are in the sentence, so he can’t use a dictionary at all. Furthermore, the words are random and don’t constitute an existing sentence.
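A worked entropy calculation for the two passwords named above, added here as an example (not code from this post or from its quoted source). The 2048-word list, the 65k-word dictionary and per-rule bit costs assumed for Tr0ub4dor&3, and the guess rate are assumptions of the attacker model, not measurements.

```python
import math

# Entropy here means log2 of the number of candidates an attacker must try,
# assuming the attacker knows how the password was generated (the word list,
# the mangling rules) and only has to enumerate that generator's output space.


def passphrase_bits(word_count: int, wordlist_size: int) -> float:
    """Bits for word_count words chosen uniformly at random from a list.
    Separators such as dashes add nothing: the attacker knows the format."""
    return word_count * math.log2(wordlist_size)


def random_string_bits(length: int, charset_size: int) -> float:
    """Bits for a string of independent, uniformly random characters."""
    return length * math.log2(charset_size)


def mangled_word_bits(base_word_bits: float, rules: dict[str, float]) -> float:
    """Bits for a dictionary word plus mangling rules the attacker enumerates.
    Each rule adds only log2 of the choices it introduces (capitalise-or-not = 1 bit)."""
    return base_word_bits + sum(rules.values())


def expected_crack_seconds(bits: float, guesses_per_second: float) -> float:
    """Expected time to hit the password: on average half the space is searched."""
    return 2 ** (bits - 1) / guesses_per_second


def compare_examples(guesses_per_second: float = 1e9) -> dict[str, float]:
    """Constructed attacker model for the two passwords from the post.
    Rule costs, dictionary sizes and the guess rate are assumptions."""
    troubador_rules = {                     # 'Tr0ub4dor&3': one word, decorated
        "capitalise_first": 1.0,            # capital or not
        "leet_substitutions": 3.0,          # which of a few o->0, a->4 swaps applied
        "trailing_symbol": math.log2(32),   # one of ~32 punctuation symbols
        "trailing_digit": math.log2(10),    # one digit
        "symbol_digit_order": 1.0,          # symbol before or after the digit
    }
    troubador = mangled_word_bits(16.0, troubador_rules)  # 16 bits: ~65k-word dictionary
    horse = passphrase_bits(4, 2048)        # four words from a 2048-word list
    return {
        "troubador_bits": troubador,
        "troubador_seconds": expected_crack_seconds(troubador, guesses_per_second),
        "horse_bits": horse,
        "horse_seconds": expected_crack_seconds(horse, guesses_per_second),
    }
```

In this model the separators contribute nothing, since the attacker is assumed to know the format; the strength comes from the random choice of four words, and `random_string_bits` shows that three extra lowercase letters (12 instead of 8 characters) more than make up for dropping symbols and digits from a random password.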